IE9 HTTPS security is compromised by my Greasemonkey script?

Question

I’ve got a Greasemonkey-for-IE script in IE9 that’s importing jQuery. But on secure pages it doesn’t work.

I’m getting:

SEC7111: HTTPS security is compromised by http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js

The code that fails is:

var script = document.createElement("script");
script.setAttribute("src", 
    "http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js");

How can I make this work? The script doesn’t cause a problem in Firefox.

Answer 1

You can eliminate the issue with simpler code by using a scheme-relative URL like this:

var script = document.createElement("script");
script.setAttribute("src", 
   "//ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js");

This will use http:// on an http:// page and https:// on an https:// page...a much simpler way to solve the issue.

Answer 2

Presumably: Use https://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js instead (or not trust a third party CDN (to be both trustworthy and not compromised) for your secure pages)